Trojan.Agent.Trace

Amphitrite · 04.04.2016, 22:48

Ich habe mit Anti-Malware einen Trojaner gefunden. Wie werde ich ihn effektiv wieder los?

Bisher habe ich die 3 gefundenen Bedrohungen in Quarantäne verschoben.

Es handelt sich um einen Desktop Computer mit Windows 7

Ich hoffe ich kann den Trojaner effektiv beseitigen. Um Hilfe bin ich sehr dankbar.

Liebe Grüße

cosinus · 05.04.2016, 12:50

moin

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Amphitrite · 05.04.2016, 18:31

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 04.04.2016
Suchlaufzeit: 21:07
Protokolldatei: malware scan 0404.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.04.04.07
Rootkit-Datenbank: v2016.04.03.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Daivoon

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 455662
Abgelaufene Zeit: 1 Std., 4 Min., 26 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, , [c413a505b5e4d95da417897027db29d7], 

Dateien: 2
Trojan.Agent.Trace, C:\Users\Daivoon\AppData\Roaming\pid.txt, , [6b6c83272d6cf73fbdcb0a4c4eb68977], 
Trojan.Agent.Trace, C:\Users\Daivoon\AppData\Roaming\pidloc.txt, , [64737b2fc0d9171f6f19292d2ed63dc3], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

cosinus · 05.04.2016, 20:44

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Amphitrite · 13.04.2016, 12:37

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Daivoon (administrator) on DAIVOON-PC (13-04-2016 12:31:40)
Running from C:\Users\Daivoon\Downloads
Loaded Profiles: Daivoon (Available Profiles: Daivoon & Goetz & Invitado)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft) C:\Program Files (x86)\Evernote Sticky Notes\StickyNotes.Wpf.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390096 2016-04-13] (AVAST Software)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\Run: [Polar FlowSync] => [X]
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\Run: [EDO-Soft Sticky Notes] => C:\Program Files (x86)\Evernote Sticky Notes\StickyNotes.Wpf.exe [373760 2014-02-23] (Microsoft)
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\RunOnce: [Uninstall C:\Users\Daivoon\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daivoon\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\RunOnce: [Uninstall C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\RunOnce: [Uninstall C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-13] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2014-11-26]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2014-12-10]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\Daivoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-02]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{0B69A450-8BBE-47F9-9286-2BCF071F152B}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{2936A1A8-246D-4788-BD0B-0B2E5DCA93AF}: [NameServer] 131.130.1.11 131.130.1.12
Tcpip\..\Interfaces\{F2D76251-7AA0-4993-A59C-85CCF9E8C036}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2640099909-525072943-4173629134-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2640099909-525072943-4173629134-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-13] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-13] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-03-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-12] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Daivoon\AppData\Roaming\Mozilla\Firefox\Profiles\sg6otba9.default
FF Homepage: hxxps://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Extension: NEWA - C:\Users\Daivoon\AppData\Roaming\Mozilla\Firefox\Profiles\sg6otba9.default\Extensions\NEWA@Ansgar.xpi [2015-02-12] [not signed]
FF Extension: Qute 4++ (custom mod) - C:\Users\Daivoon\AppData\Roaming\Mozilla\Firefox\Profiles\sg6otba9.default\Extensions\{69d0119c-32f1-4766-82d7-617f04d5643b}.xpi [2014-11-25] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://es.search.yahoo.com/?type=714647&fr=spigot-yhp-ch
CHR StartupUrls: Default -> "hxxps://www.google.at/"
CHR Profile: C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]
CHR Extension: (Google Docs) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WhatsChrome) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-02-15]
CHR Extension: (YouTube) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Telegram) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2016-02-11]
CHR Extension: (Google-Suche) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google News) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2015-03-04]
CHR Extension: (Google Tabellen) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-06]
CHR Extension: (Fade to Bright Aero Skin (by Skarv)) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniphhdbdangomdllnbbhhkofoggidgc [2015-08-07]
CHR Extension: (Hootsuite) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2014-11-24]
CHR Extension: (Google Maps) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Assignments (by Hootsuite)) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfcehdaekhnbkojcnjijopkecldfdcm [2014-11-24]
CHR Extension: (Evernote Web Clipper) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-03-03]
CHR Extension: (Google Mail) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-13] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-03-24] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202272 2016-03-23] (Microsoft Corporation) [File not signed]
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [793280 2014-10-22] (Samsung Electronics Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-13] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-13 12:31 - 2016-04-13 12:32 - 00029082 _____ C:\Users\Daivoon\Downloads\FRST.txt
2016-04-13 12:31 - 2016-04-13 12:32 - 00000000 ____D C:\FRST
2016-04-13 12:30 - 2016-04-13 12:30 - 02375168 _____ (Farbar) C:\Users\Daivoon\Downloads\FRST64.exe
2016-04-13 12:22 - 2016-04-13 12:22 - 00001041 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-04-13 12:22 - 2016-04-13 12:22 - 00000000 ___HD C:\OneDriveTemp
2016-04-13 12:19 - 2016-04-13 12:19 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-13 12:19 - 2016-04-13 12:19 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-06 15:13 - 2016-04-06 15:16 - 00000000 ____D C:\Users\Daivoon\Desktop\jochen
2016-04-05 15:05 - 2016-04-05 15:05 - 00024602 _____ C:\Users\Daivoon\Desktop\It is my personal belief that anyone can become or accomplish anything IF they truly believe in themselves.odt
2016-04-04 22:31 - 2016-04-04 22:31 - 00001452 _____ C:\Users\Daivoon\Desktop\malware scan 0404.txt
2016-04-04 22:29 - 2016-04-04 22:29 - 00001452 _____ C:\Users\Daivoon\Desktop\malwarescan 04.04.txt
2016-04-04 21:05 - 2016-04-13 12:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-04 21:04 - 2016-04-04 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-04 21:04 - 2016-04-04 21:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-04 21:04 - 2016-04-04 21:04 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-04-04 21:04 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-04 21:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-04 21:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-04 21:01 - 2016-04-04 21:01 - 22851472 _____ (Malwarebytes ) C:\Users\Daivoon\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-04 16:47 - 2016-04-04 16:47 - 00074175 _____ C:\Users\Daivoon\Downloads\e-ticket_7242138131059.pdf
2016-03-31 09:24 - 2016-03-31 09:24 - 01936909 _____ C:\Users\Invitado\Downloads\summaries_31_03_2016_08_25.pdf
2016-03-31 09:24 - 2016-03-31 09:24 - 01936902 _____ C:\Users\Invitado\Downloads\summaries_31_03_2016_08_25 (1).pdf
2016-03-31 08:57 - 2016-03-31 08:57 - 01846737 _____ C:\Users\Invitado\Downloads\summaries_31_03_2016_07_58.pdf
2016-03-31 08:56 - 2016-03-31 08:56 - 01846753 _____ C:\Users\Invitado\Downloads\summaries_31_03_2016_07_57.pdf
2016-03-31 08:56 - 2016-03-31 08:56 - 01846735 _____ C:\Users\Invitado\Downloads\summaries_31_03_2016_07_57 (1).pdf
2016-03-29 15:22 - 2016-03-29 15:22 - 00000000 ____D C:\Users\Daivoon\Desktop\kurs julia und  jan
2016-03-28 19:18 - 2016-03-28 19:19 - 00000000 ____D C:\Users\Daivoon\Desktop\kurs maxi
2016-03-26 10:09 - 2016-03-26 10:09 - 01665128 _____ C:\Users\Invitado\Downloads\summaries_26_03_2016_09_10.pdf
2016-03-26 10:08 - 2016-03-26 10:09 - 01665153 _____ C:\Users\Invitado\Downloads\summaries_26_03_2016_09_09.pdf
2016-03-26 10:07 - 2016-03-26 10:07 - 01665112 _____ C:\Users\Invitado\Downloads\summaries_26_03_2016_09_07 (1).pdf
2016-03-26 10:06 - 2016-03-26 10:06 - 01665117 _____ C:\Users\Invitado\Downloads\summaries_26_03_2016_09_07.pdf
2016-03-24 09:41 - 2016-03-24 09:41 - 00000104 _____ C:\Users\Invitado\Desktop\Nuevo documento de texto.txt
2016-03-22 15:13 - 2016-03-22 15:13 - 00069243 _____ C:\Users\Invitado\Downloads\trainingrecord-cmas-1-stern (4).pdf
2016-03-19 09:58 - 2016-03-19 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-17 21:40 - 2016-03-17 21:40 - 00004891 _____ C:\Users\Daivoon\Desktop\Ron liste2.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-13 12:31 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-13 12:31 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-13 12:24 - 2014-11-25 14:59 - 00000000 ___RD C:\Users\Daivoon\Dropbox
2016-04-13 12:23 - 2014-12-11 11:46 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-13 12:23 - 2014-11-25 14:55 - 00000000 ____D C:\Users\Daivoon\AppData\Roaming\Dropbox
2016-04-13 12:22 - 2015-12-02 11:11 - 00003060 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1449051072
2016-04-13 12:22 - 2015-11-17 10:16 - 00001212 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-13 12:22 - 2014-11-26 11:13 - 00000000 ___RD C:\Users\Daivoon\OneDrive
2016-04-13 12:22 - 2014-11-24 18:58 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 12:22 - 2014-11-24 16:45 - 00000000 ____D C:\ProgramData\clear.fi
2016-04-13 12:21 - 2015-11-17 10:16 - 00001216 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-13 12:21 - 2014-11-24 14:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-13 12:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-13 12:20 - 2014-11-24 19:09 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-04-13 12:20 - 2014-11-24 19:09 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-13 12:19 - 2014-11-24 19:14 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-13 12:16 - 2014-11-27 18:28 - 00000000 ____D C:\Users\Daivoon\AppData\Roaming\UseNeXT
2016-04-13 12:09 - 2014-11-24 18:58 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 12:07 - 2014-11-27 18:28 - 00000000 ____D C:\Users\Daivoon\Documents\UseNeXT
2016-04-12 09:11 - 2014-11-24 18:59 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 09:01 - 2014-11-26 11:01 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-12 09:00 - 2014-11-24 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-08 10:23 - 2014-12-11 11:46 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 10:23 - 2014-12-11 11:46 - 00003776 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-08 10:23 - 2011-07-11 05:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 13:14 - 2016-02-11 15:33 - 00000000 ____D C:\Users\Invitado\Desktop\DSD
2016-04-06 23:51 - 2014-11-25 15:41 - 00000000 ____D C:\Users\Daivoon\AppData\Roaming\Skype
2016-04-06 13:49 - 2014-11-25 17:25 - 00000000 ____D C:\Users\Daivoon\AppData\Roaming\vlc
2016-04-05 10:12 - 2014-11-24 23:39 - 00747396 _____ C:\Windows\system32\perfh00A.dat
2016-04-05 10:12 - 2014-11-24 23:39 - 00158868 _____ C:\Windows\system32\perfc00A.dat
2016-04-05 10:12 - 2009-07-14 06:13 - 01676890 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-05 10:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-04-04 22:46 - 2014-11-25 15:54 - 00000000 ____D C:\ProgramData\APN
2016-04-04 15:54 - 2015-08-25 14:26 - 00000000 ____D C:\Users\Daivoon\Desktop\DSD  + pic`s
2016-04-02 19:55 - 2016-01-10 18:27 - 00000000 ____D C:\Users\Invitado\AppData\Roaming\Skype
2016-04-01 13:14 - 2015-02-03 19:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-29 07:52 - 2009-07-14 06:08 - 00032520 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-28 20:18 - 2011-07-11 04:41 - 00000000 ____D C:\ProgramData\Skype
2016-03-28 20:17 - 2014-11-25 16:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-26 19:56 - 2015-02-17 16:15 - 00000000 ___RD C:\Users\Goetz\Dropbox
2016-03-26 18:05 - 2014-11-25 16:54 - 00000000 ____D C:\Users\Daivoon\Desktop\Filme
2016-03-26 17:59 - 2014-11-24 16:32 - 00000000 ____D C:\Users\Daivoon
2016-03-23 14:49 - 2016-03-04 18:51 - 00000000 ____D C:\Users\Daivoon\Desktop\papel por la museum
2016-03-22 19:08 - 2014-12-10 17:29 - 00000000 ____D C:\Users\Daivoon\Documents\Scan
2016-03-21 11:36 - 2016-02-18 16:39 - 00000000 ____D C:\Users\Daivoon\AppData\Local\ElevatedDiagnostics
2016-03-19 09:58 - 2015-11-17 10:16 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-14 19:45 - 2016-03-11 15:22 - 00000000 ____D C:\Users\Daivoon\Desktop\hagan_owd_kurs_ FranZ_AOWD

==================== Files in the root of some directories =======

2015-04-08 09:28 - 2015-04-08 09:28 - 0121790 _____ () C:\Users\Daivoon\AppData\Local\0DD89E43_stp.CIS
2015-04-08 09:28 - 2015-04-08 09:28 - 0000310 _____ () C:\Users\Daivoon\AppData\Local\0DD89E43_stp.CIS.part
2015-04-08 09:27 - 2015-04-08 09:27 - 0192475 _____ () C:\Users\Daivoon\AppData\Local\38C2540F_stp.CIS
2015-04-08 09:27 - 2015-04-08 09:27 - 0000290 _____ () C:\Users\Daivoon\AppData\Local\38C2540F_stp.CIS.part
2015-04-08 09:27 - 2015-04-08 09:27 - 0385602 _____ () C:\Users\Daivoon\AppData\Local\5D515C96_stp.CIS
2015-04-08 09:27 - 2015-04-08 09:27 - 0000220 _____ () C:\Users\Daivoon\AppData\Local\5D515C96_stp.CIS.part
2014-11-24 16:05 - 2014-11-24 16:06 - 0002640 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some files in TEMP:
====================
C:\Users\Daivoon\AppData\Local\Temp\cct.dll
C:\Users\Daivoon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpke4lg9.dll
C:\Users\Daivoon\AppData\Local\Temp\JavaIC.dll
C:\Users\Daivoon\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Daivoon\AppData\Local\Temp\msscct32.dll
C:\Users\Daivoon\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Daivoon\AppData\Local\Temp\YSearchUtil.dll
C:\Users\Goetz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7wez50.dll
C:\Users\Invitado\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpormftm.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-09 09:11

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Daivoon (2016-04-13 12:33:00)
Running from C:\Users\Daivoon\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-11-24 15:32:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2640099909-525072943-4173629134-500 - Administrator - Disabled)
Daivoon (S-1-5-21-2640099909-525072943-4173629134-1001 - Administrator - Enabled) => C:\Users\Daivoon
Goetz (S-1-5-21-2640099909-525072943-4173629134-1003 - Limited - Enabled) => C:\Users\Goetz
HomeGroupUser$ (S-1-5-21-2640099909-525072943-4173629134-1002 - Limited - Enabled)
Invitado (S-1-5-21-2640099909-525072943-4173629134-501 - Limited - Enabled) => C:\Users\Invitado

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2261 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\BitTorrent) (Version: 7.9.2.37755 - BitTorrent Inc.)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
calibre (HKLM-x32\...\{84A259BB-88C4-435F-B755-8C6EE64B7E93}) (Version: 2.40.0 - Kovid Goyal)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
clear.fi  (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
clear.fi  (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2212.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - DE (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diagnóstico de impresoras Samsung (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.15 - Samsung Electronics Co., Ltd.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Evernote Sticky Notes (HKLM-x32\...\{4FC3ACD7-105C-42E2-9A48-4FFF58C76D19}) (Version: 1.5.9 - Evernote Sticky Notes)
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.6769.2015 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Español (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.5.1 (x86 de)) (Version: 38.5.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NVIDIA Controlador de audio HD 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 280.19 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.8019 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 280.19 (Version: 280.19 - NVIDIA Corporation) Hidden
Paquete de controladores de Logitech Webcam Software (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar FlowSync Version 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.44 (23.10.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.58.01(20.10.2014) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.17 (17.09.2014) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.11.11 (22.10.2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vokabeltrainer En Vivo A1 (HKLM-x32\...\{589D1E78-A6BA-485D-85D9-83F9E3DC1379}) (Version: 5.0.15 - Langenscheidt)
Vokabeltrainer-Update 5.0.33 (HKLM-x32\...\{9E493105-122C-4F96-9773-B5161001198E}) (Version: 5.0.33 - Langenscheidt)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2640099909-525072943-4173629134-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2640099909-525072943-4173629134-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01CF3810-2F92-439F-AD50-695C7B6DA836} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {19BD3774-F27A-4058-BFBB-438FA6B1C525} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2CBBF051-AE32-4F9D-B447-7808058C62F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2D1B25D0-2A7C-4CEF-A5EE-DD40512E1F8A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-17] (Dropbox, Inc.)
Task: {490FCC47-F4D8-44EE-93F1-FE7D89E904FF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-13] (AVAST Software)
Task: {4CF9A038-BA59-459B-A1FA-80F022479433} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-17] (Dropbox, Inc.)
Task: {51290902-251B-46C4-8557-19C9EABBCB45} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {51615939-8D07-44E2-9520-DC410BB63AE7} - System32\Tasks\SafeZone scheduled Autoupdate 1449051072 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {71D499A4-E14F-450F-9033-321BCA1069D8} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {72B64BBB-B604-41B4-96D2-7B04F9DEDB5B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {905EBE36-4140-44B6-9AE8-EF331E4CD947} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {95F1F8D4-09E2-4566-9044-25426C6EE4D4} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {A6FED1FE-7E9F-41A2-910A-F3C983AA0D8C} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: {A79B72F6-C233-4BD1-B92A-F373F26438E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {B267C0BE-DCD1-4338-8B74-104C97EEDA9E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-25] (Microsoft Corporation)
Task: {B6577E98-356A-49DA-9562-25A16C0988FB} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-09-05] (Acer)
Task: {DBE19309-8473-48D3-A0A1-9BB09221FEB8} - System32\Tasks\{2F040BB0-4A7C-4C24-AAFB-1802FE0D134B} => pcalua.exe -a C:\Users\Daivoon\AppData\Local\Evernote\Evernote\AutoUpdate\Evernote_5.8.5.7193.exe -d "C:\Program Files (x86)\Evernote\Evernote" -c /qb
Task: {DFECE80C-4D5D-49F8-83B3-B1D523FCFFFF} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {E267724A-6DF6-41C9-B669-9DEDA7235FF0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-11-25 17:12 - 2013-05-29 13:01 - 00034304 _____ () C:\Windows\System32\ssm4mlm.dll
2015-12-04 09:42 - 2016-03-24 17:28 - 00172232 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2014-09-08 14:39 - 2014-09-08 14:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 14:38 - 2014-09-08 14:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-11-26 14:55 - 2009-07-20 13:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2014-11-26 14:55 - 2009-07-20 05:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-12-10 17:26 - 2013-10-04 05:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2014-07-25 05:36 - 2014-08-18 17:08 - 00087552 ____N () C:\Windows\system32\SSDEVM64.DLL
2014-11-25 17:14 - 2013-02-22 14:29 - 00365568 _____ () C:\Windows\system32\SaMinDrv.dll
2016-04-13 12:19 - 2016-04-13 12:19 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-13 12:19 - 2016-04-13 12:19 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-13 12:17 - 2016-04-13 12:17 - 02887168 _____ () C:\Program Files\AVAST Software\Avast\defs\16041300\algo.dll
2016-04-13 12:19 - 2016-04-13 12:19 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-11-24 16:06 - 2011-10-12 11:22 - 00370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-12-02 11:04 - 2015-12-02 11:04 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-14 11:05 - 2016-02-23 19:19 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-03-19 09:58 - 2016-02-23 19:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-03-19 09:58 - 2016-02-23 19:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-14 11:05 - 2016-02-23 19:19 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-14 11:05 - 2016-02-23 19:19 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-14 11:05 - 2016-03-12 01:18 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-03-19 09:58 - 2016-02-23 19:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-14 11:05 - 2016-03-12 01:18 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-14 11:05 - 2016-02-23 19:19 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 11:05 - 2016-02-23 19:20 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-14 11:05 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-14 11:05 - 2016-03-12 01:18 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-03-19 09:58 - 2016-02-23 19:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-03-19 09:58 - 2016-02-23 19:21 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2015-12-14 11:05 - 2016-03-12 01:18 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-14 11:05 - 2016-02-23 19:19 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-03-19 09:58 - 2016-02-23 19:19 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-03-19 09:58 - 2016-02-23 19:20 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-03-19 09:58 - 2016-03-12 01:18 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-14 11:05 - 2016-02-23 19:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-03-19 09:58 - 2016-02-23 19:23 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-03-19 09:58 - 2016-02-23 19:23 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2015-12-14 11:05 - 2016-03-12 01:18 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-11-17 10:17 - 2016-02-23 19:25 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-04-12 09:11 - 2016-04-06 11:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-12 09:11 - 2016-04-06 11:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2016-02-11 14:01 - 2016-02-11 14:01 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5eb8f854950c428c64f668e63c5a0498\IsdiInterop.ni.dll
2014-11-24 15:54 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2016-01-08 10:17 - 2016-01-08 10:17 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2016-01-08 10:17 - 2016-01-08 10:17 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2640099909-525072943-4173629134-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Daivoon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BitTorrent => "C:\Users\Daivoon\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: EDO-Soft Sticky Notes => C:\Program Files (x86)\Evernote Sticky Notes\StickyNotes.Wpf.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{94CAA6C1-26FB-49C6-9FA9-EC7A3DD271E5}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4839D2F9-7DFE-4468-9715-FB736666D338}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7215FA78-059E-4045-B452-9083302F9016}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9FEF16CE-2748-4F82-8C08-B8B54090E4BA}] => (Allow) LPort=2869
FirewallRules: [{E7F75A57-F11B-4596-BC7E-5666B08F9787}] => (Allow) LPort=1900
FirewallRules: [{4C076C0E-66F6-4CA9-B621-87F36AD128ED}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{7D182FAF-506F-4D1E-8CEC-D7FB73A424E1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{D7ECF7D6-6EB3-4370-85E9-FE4940B48E4A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{F0605FCD-4B6F-44DE-BBC0-C14CB8F4EB58}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{431CA109-CF91-4F69-B0C3-4CC19002F683}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{9BA21ADB-B9E5-48F9-8930-837A1B547B96}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{5419E5D8-B7CD-42BF-B0FE-2FEA57F18565}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{9D4EE24C-4FDC-45BE-BA4E-BE15A2BBB6B1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{2AFB6D6E-F01E-462F-8EFE-7AF07F5824FA}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{0C47FC59-6569-45A9-881C-B0DCD5982638}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
FirewallRules: [{75855F23-5C4D-46BF-A286-BA1C83F50DDE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
FirewallRules: [{6CAA81A0-D76A-4A96-97DB-A609BCA0E6B1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D1A0A6EC-2480-4E1B-B9FD-AA64B325797E}] => (Allow) C:\Users\Daivoon\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3A050F93-E6AB-4CDC-B616-DF8CCDF86A1D}] => (Allow) C:\Users\Daivoon\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1BE447D0-5B66-4744-9300-2580CAECBF57}] => (Allow) C:\Users\Daivoon\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{3963BB5E-469A-406E-9AEB-18A47CADE4CF}C:\users\daivoon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\daivoon\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1F1F7579-1A91-4D5B-94F3-743CC89272E8}C:\users\daivoon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\daivoon\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{808307A2-6E5B-4641-9A25-EABB0F17987E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{75B6D0E9-443C-479D-86AB-4D042723CA13}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{D2A6B2F1-5DB6-424F-8F8C-284B4916C585}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{D0359D88-18FF-4314-956B-E0D389D6130A}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{CCE7BC27-67F2-44A4-854D-146487968446}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{F49F4FBE-9092-4512-B216-A54FD0845F16}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{CC170A32-F421-4455-8E30-CD2E9E41AFFA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{5A5F6D73-5A86-4170-A340-C7BE92E66198}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{74063956-E4C0-44B6-8E32-4BCF748AC401}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{5369A744-8AF6-450B-9EA7-2136550291E8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{E6C4B27D-F208-468A-8717-BF5DC7271709}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{D619081B-7185-44C7-BF41-76AE2CAE19D3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{54A43501-0D32-4ED3-9333-656A9DACF48B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{0489894E-FA76-42D4-90DF-84CA630C94A3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{D43503E6-E8EB-4ED8-AFEF-54036D35792C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{16923783-985F-4931-AA0D-04F1917FB453}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{024DC48D-3838-4618-A29C-8688753648F5}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{D778CBF2-1D92-43EB-974A-A2E94AA3C2AD}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{0CE17FE7-8F33-4A8B-9ED8-EC7ED314599A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{B00D5E86-6B89-4214-8E19-8A43A436669B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [TCP Query User{9925DD56-629F-4395-95A2-0F35E0E90987}C:\program files\windows sidebar\sidebar.exe] => (Allow) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [UDP Query User{271A4A49-8B61-4961-9AC4-527255715568}C:\program files\windows sidebar\sidebar.exe] => (Allow) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [{2A15745D-3A80-46CA-8752-C095979C392C}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{4065084C-F2C0-4F5D-BA1A-6BCE4B13993D}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{41DFA06E-73BE-4156-98AE-739402D0EB9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9218E206-8EB0-44BF-9704-468E47414F26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1AC2037A-0C94-4C92-943A-8A832CCA4B64}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{CA79D88B-C988-43EE-9AE7-0769D0C35065}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{87C86FB5-7E7C-4C38-B822-53F832C40E10}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4F1116AD-71EE-46CA-A401-4A248F3DFC69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85260931-512B-45CA-BA8E-DB9DF41465C0}] => (Allow) LPort=5354
FirewallRules: [{F9DB0376-738D-40EE-8D06-07773D0B12D8}] => (Allow) LPort=5354
FirewallRules: [{46506254-B528-400B-897A-B93BE17F72C3}] => (Allow) LPort=5354
FirewallRules: [{84818767-B0FA-4461-96B4-8D86D767FC19}] => (Allow) LPort=5354
FirewallRules: [{4916BA72-5334-42BB-B8CB-3F037B419A8E}] => (Allow) LPort=5354
FirewallRules: [{B826EB7D-7D7F-4B10-901C-B31A709078BB}] => (Allow) LPort=5354
FirewallRules: [{C691C7BE-352B-4B8C-8E05-6ACD2E801311}] => (Allow) LPort=5354
FirewallRules: [{8E1BD2B7-2F08-464D-90DD-44B71D903571}] => (Allow) LPort=5354
FirewallRules: [{BD45A994-4CDC-4729-90CA-05E793574771}] => (Allow) LPort=5354
FirewallRules: [{0D62E00D-7994-435D-8203-4059C54A56BF}] => (Allow) LPort=5354
FirewallRules: [{369481A1-AC88-4043-9CDD-28E5BCE5C675}] => (Allow) LPort=5354
FirewallRules: [{03C43B5B-CEE6-439A-8848-16C45B1FF1EF}] => (Allow) LPort=5354
FirewallRules: [{97CE0165-75BC-490E-982B-0E28948765E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{4C05BD40-A282-45FA-A18B-ECDC044E09AD}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{064857F9-AB0B-4EFE-AD1C-B367E559E4DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-04-2016 19:00:24 Copias de seguridad de Windows
05-04-2016 10:11:15 Windows Update
12-04-2016 14:12:43 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2016 12:23:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 09:03:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 08:37:50 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/13/2016 08:27:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 09:01:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 08:53:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/12/2016 08:43:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2016 08:38:39 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/11/2016 08:28:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2016 08:43:13 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220


System errors:
=============
Error: (04/13/2016 12:32:13 PM) (Source: iaStor) (EventID: 9) (User: )
Description: El dispositivo, \Device\Ide\iaStor0, no respondió en el tiempo de espera permitido.

Error: (04/13/2016 08:59:16 AM) (Source: DCOM) (EventID: 10016) (User: Daivoon-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Daivoon-PCInvitadoS-1-5-21-2640099909-525072943-4173629134-501LocalHost (con LRPC)

Error: (04/13/2016 08:59:05 AM) (Source: DCOM) (EventID: 10016) (User: Daivoon-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Daivoon-PCInvitadoS-1-5-21-2640099909-525072943-4173629134-501LocalHost (con LRPC)

Error: (04/13/2016 08:59:03 AM) (Source: DCOM) (EventID: 10016) (User: Daivoon-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Daivoon-PCInvitadoS-1-5-21-2640099909-525072943-4173629134-501LocalHost (con LRPC)

Error: (04/13/2016 08:35:01 AM) (Source: DCOM) (EventID: 10016) (User: Daivoon-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Daivoon-PCInvitadoS-1-5-21-2640099909-525072943-4173629134-501LocalHost (con LRPC)

Error: (04/13/2016 08:34:56 AM) (Source: DCOM) (EventID: 10016) (User: Daivoon-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Daivoon-PCInvitadoS-1-5-21-2640099909-525072943-4173629134-501LocalHost (con LRPC)

Error: (04/13/2016 08:34:56 AM) (Source: DCOM) (EventID: 10016) (User: Daivoon-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Daivoon-PCInvitadoS-1-5-21-2640099909-525072943-4173629134-501LocalHost (con LRPC)

Error: (04/13/2016 08:34:54 AM) (Source: DCOM) (EventID: 10016) (User: Daivoon-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Daivoon-PCInvitadoS-1-5-21-2640099909-525072943-4173629134-501LocalHost (con LRPC)

Error: (04/13/2016 08:34:29 AM) (Source: DCOM) (EventID: 10016) (User: Daivoon-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Daivoon-PCInvitadoS-1-5-21-2640099909-525072943-4173629134-501LocalHost (con LRPC)

Error: (04/12/2016 04:15:10 PM) (Source: DCOM) (EventID: 10016) (User: Daivoon-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Daivoon-PCInvitadoS-1-5-21-2640099909-525072943-4173629134-501LocalHost (con LRPC)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 54%
Total physical RAM: 6124.3 MB
Available physical RAM: 2809.89 MB
Total Virtual: 12246.8 MB
Available Virtual: 8183.71 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:222.95 GB) (Free:24.12 GB) NTFS
Drive d: (DATA) (Fixed) (Total:223.71 GB) (Free:85.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E2F0C4EC)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=223.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

--- --- ---

cosinus · 13.04.2016, 12:45

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Amphitrite · 13.04.2016, 14:09

Mache ich sofort, aber darf ich fragen wozu das grob alles nötig ist? Bin ich so verseucht?

Code:

ATTFilter

# AdwCleaner v5.110 - Bericht erstellt am 13/04/2016 um 13:48:07
# Aktualisiert am 10/04/2016 von Xplode
# Datenbank : 2016-04-11.4 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : Daivoon - DAIVOON-PC
# Gestartet von : C:\Users\Daivoon\Desktop\AdwCleaner_5.110.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner gelöscht : C:\ProgramData\apn
[#] Ordner gelöscht : C:\ProgramData\Application Data\apn
[-] Ordner gelöscht : C:\Users\Daivoon\AppData\Roaming\RHEng

***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Internetbrowser ] *****

[-] [C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : es.yhs4.search.yahoo.com
[-] [C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] gelöscht : hxxp://es.search.yahoo.com/?type=714647&fr=spigot-yhp-ch

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1539 Bytes] - [13/04/2016 13:48:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [1515 Bytes] - [13/04/2016 13:41:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [1591 Bytes] - [13/04/2016 13:45:32]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1758 Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Daivoon (Administrator) on 13.04.2016 at 13:55:43,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 49 

Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\{2E0FDD11-D436-42D8-8BE4-F1136BB9D506} (Empty Folder)
Successfully deleted: C:\Users\Daivoon\AppData\Local\{445CE5BA-C60B-4FF0-B098-5B49C033D3CC} (Empty Folder)
Successfully deleted: C:\Users\Daivoon\AppData\Local\{4B58D144-BD52-4AC1-93CF-293F4B679297} (Empty Folder)
Successfully deleted: C:\Users\Daivoon\AppData\Local\{4D8D5517-5FE6-4286-8E6B-08C86C0FB7A6} (Empty Folder)
Successfully deleted: C:\Users\Daivoon\AppData\Local\{A4E86AC1-3BB2-445F-A45C-19D78C2883BC} (Empty Folder)
Successfully deleted: C:\Users\Daivoon\AppData\Local\{EEBA9767-A52D-40C4-B712-6915B3DE6551} (Empty Folder)
Successfully deleted: C:\Users\Daivoon\AppData\Local\{F3074C84-41DF-4A4E-B257-A666236AFF36} (Empty Folder)
Successfully deleted: C:\Users\Daivoon\AppData\Roaming\pdfforge (Folder) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4H5LPBVC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52QTLBXC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QSWPW9L (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UHMQQMS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9T2Y2JAW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSPUHJ8H (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FMYFDR4L (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LM3QVX3Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LVMGQNFF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQLBKMVV (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3AU9XG7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEZN50W4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0JM993V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4MF0VYX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZ8VH4HK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Daivoon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQMGZ4YO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4H5LPBVC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52QTLBXC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QSWPW9L (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UHMQQMS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9T2Y2JAW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSPUHJ8H (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FMYFDR4L (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LM3QVX3Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LVMGQNFF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQLBKMVV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3AU9XG7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEZN50W4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0JM993V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4MF0VYX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZ8VH4HK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQMGZ4YO (Temporary Internet Files Folder) 



Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.04.2016 at 14:00:33,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cosinus · 14.04.2016, 07:57

Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

Amphitrite · 14.04.2016, 09:14

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Daivoon (administrator) on DAIVOON-PC (14-04-2016 09:08:27)
Running from C:\Users\Daivoon\Downloads
Loaded Profiles: Daivoon (Available Profiles: Daivoon & Goetz & Invitado)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390096 2016-04-13] (AVAST Software)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\Run: [Polar FlowSync] => [X]
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\Run: [EDO-Soft Sticky Notes] => C:\Program Files (x86)\Evernote Sticky Notes\StickyNotes.Wpf.exe [373760 2014-02-23] (Microsoft)
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\RunOnce: [Uninstall C:\Users\Daivoon\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daivoon\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\RunOnce: [Uninstall C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\RunOnce: [Uninstall C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-13] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2014-11-26]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2014-12-10]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\Daivoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-02]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2014-12-06] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-08] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{0B69A450-8BBE-47F9-9286-2BCF071F152B}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{2936A1A8-246D-4788-BD0B-0B2E5DCA93AF}: [NameServer] 131.130.1.11 131.130.1.12
Tcpip\..\Interfaces\{F2D76251-7AA0-4993-A59C-85CCF9E8C036}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-2640099909-525072943-4173629134-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2640099909-525072943-4173629134-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-13] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-13] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-03-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-12] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Daivoon\AppData\Roaming\Mozilla\Firefox\Profiles\sg6otba9.default
FF Homepage: hxxps://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-07-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Extension: NEWA - C:\Users\Daivoon\AppData\Roaming\Mozilla\Firefox\Profiles\sg6otba9.default\Extensions\NEWA@Ansgar.xpi [2015-02-12] [not signed]
FF Extension: Qute 4++ (custom mod) - C:\Users\Daivoon\AppData\Roaming\Mozilla\Firefox\Profiles\sg6otba9.default\Extensions\{69d0119c-32f1-4766-82d7-617f04d5643b}.xpi [2014-11-25] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://es.search.yahoo.com/?type=714647&fr=spigot-yhp-ch
CHR StartupUrls: Default -> "hxxps://www.google.at/"
CHR Profile: C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]
CHR Extension: (Google Docs) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WhatsChrome) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-02-15]
CHR Extension: (YouTube) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Telegram) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2016-02-11]
CHR Extension: (Google-Suche) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google News) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2015-03-04]
CHR Extension: (Google Tabellen) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-06]
CHR Extension: (Fade to Bright Aero Skin (by Skarv)) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniphhdbdangomdllnbbhhkofoggidgc [2015-08-07]
CHR Extension: (Hootsuite) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2014-11-24]
CHR Extension: (Google Maps) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Assignments (by Hootsuite)) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfcehdaekhnbkojcnjijopkecldfdcm [2014-11-24]
CHR Extension: (Evernote Web Clipper) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-03-03]
CHR Extension: (Google Mail) - C:\Users\Daivoon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-13] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-03-24] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202272 2016-03-23] (Microsoft Corporation) [File not signed]
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [793280 2014-10-22] (Samsung Electronics Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-13] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 08:35 - 2016-04-14 08:35 - 00000000 ___HD C:\OneDriveTemp
2016-04-13 17:06 - 2016-04-13 17:08 - 00000000 ____D C:\Users\Daivoon\Desktop\DSD 2016_04_13
2016-04-13 14:00 - 2016-04-13 14:00 - 00008170 _____ C:\Users\Daivoon\Desktop\JRT.txt
2016-04-13 13:41 - 2016-04-13 13:48 - 00000000 ____D C:\AdwCleaner
2016-04-13 13:07 - 2016-04-13 13:07 - 00000000 ____D C:\Users\Daivoon\AppData\Local\TempOfficeC2R725FB22B-3A56-4C70-ACCE-DF596745FB4A
2016-04-13 13:04 - 2016-04-13 13:04 - 01610352 _____ (Malwarebytes) C:\Users\Daivoon\Desktop\JRT.exe
2016-04-13 12:55 - 2016-04-13 12:58 - 03465280 _____ C:\Users\Daivoon\Desktop\AdwCleaner_5.110.exe
2016-04-13 12:40 - 2016-04-13 12:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-04-13 12:33 - 2016-04-13 12:34 - 00052863 _____ C:\Users\Daivoon\Downloads\Addition.txt
2016-04-13 12:31 - 2016-04-14 09:09 - 00028590 _____ C:\Users\Daivoon\Downloads\FRST.txt
2016-04-13 12:31 - 2016-04-14 09:08 - 00000000 ____D C:\FRST
2016-04-13 12:30 - 2016-04-13 12:30 - 02375168 _____ (Farbar) C:\Users\Daivoon\Downloads\FRST64.exe
2016-04-13 12:19 - 2016-04-13 12:19 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-13 12:19 - 2016-04-13 12:19 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-13 09:48 - 2016-03-31 20:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 09:48 - 2016-03-31 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 09:48 - 2016-03-31 01:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 09:48 - 2016-03-31 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 09:48 - 2016-03-31 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 09:48 - 2016-03-31 01:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 09:48 - 2016-03-31 01:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 09:48 - 2016-03-31 01:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 09:48 - 2016-03-31 01:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 09:48 - 2016-03-31 01:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 09:48 - 2016-03-31 01:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 09:48 - 2016-03-31 01:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 09:48 - 2016-03-31 01:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 09:48 - 2016-03-31 01:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 09:48 - 2016-03-31 01:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 09:48 - 2016-03-31 01:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 09:48 - 2016-03-31 01:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 09:48 - 2016-03-31 01:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 09:48 - 2016-03-31 01:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 09:48 - 2016-03-31 01:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 09:48 - 2016-03-31 01:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 09:48 - 2016-03-31 01:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 09:48 - 2016-03-31 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 09:48 - 2016-03-31 01:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 09:48 - 2016-03-31 00:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 09:48 - 2016-03-31 00:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 09:48 - 2016-03-31 00:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 09:48 - 2016-03-31 00:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 09:48 - 2016-03-31 00:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 09:48 - 2016-03-31 00:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 09:48 - 2016-03-31 00:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 09:48 - 2016-03-31 00:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 09:48 - 2016-03-31 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 09:48 - 2016-03-31 00:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 09:48 - 2016-03-31 00:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 09:48 - 2016-03-31 00:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 09:48 - 2016-03-31 00:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 09:48 - 2016-03-31 00:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 09:48 - 2016-03-31 00:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 09:48 - 2016-03-31 00:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 09:48 - 2016-03-31 00:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 09:48 - 2016-03-31 00:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 09:48 - 2016-03-31 00:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 09:48 - 2016-03-31 00:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 09:48 - 2016-03-31 00:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 09:48 - 2016-03-31 00:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 09:48 - 2016-03-31 00:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 09:48 - 2016-03-31 00:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 09:48 - 2016-03-31 00:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 09:48 - 2016-03-31 00:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 09:48 - 2016-03-31 00:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 09:48 - 2016-03-31 00:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 09:48 - 2016-03-31 00:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 09:48 - 2016-03-31 00:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 09:48 - 2016-03-31 00:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 09:48 - 2016-03-31 00:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 09:48 - 2016-03-31 00:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 09:48 - 2016-03-31 00:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 09:48 - 2016-03-31 00:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 09:48 - 2016-03-31 00:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 09:48 - 2016-03-31 00:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 09:48 - 2016-03-31 00:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 09:48 - 2016-03-31 00:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 09:48 - 2016-03-31 00:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 09:48 - 2016-03-31 00:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 09:48 - 2016-03-31 00:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 09:48 - 2016-03-29 18:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 09:48 - 2016-03-18 00:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 09:48 - 2016-03-18 00:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 09:48 - 2016-03-18 00:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 09:48 - 2016-03-18 00:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 09:48 - 2016-03-18 00:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 09:48 - 2016-03-18 00:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 09:48 - 2016-03-17 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 09:48 - 2016-03-17 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 09:48 - 2016-03-17 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 09:48 - 2016-03-17 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 09:48 - 2016-03-17 23:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 09:48 - 2016-03-17 23:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 09:48 - 2016-03-17 23:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 09:48 - 2016-03-17 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 09:48 - 2016-03-17 23:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 09:48 - 2016-03-17 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 09:48 - 2016-03-17 23:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 09:48 - 2016-03-17 23:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 09:48 - 2016-03-17 23:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 09:48 - 2016-03-17 23:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 09:48 - 2016-03-17 23:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 09:48 - 2016-03-17 23:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 09:48 - 2016-03-17 23:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 09:48 - 2016-03-17 23:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 09:48 - 2016-03-17 23:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 09:48 - 2016-03-17 23:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 09:48 - 2016-03-17 23:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 09:48 - 2016-03-17 23:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 09:48 - 2016-03-17 23:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 09:48 - 2016-03-17 23:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 09:48 - 2016-03-17 23:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 09:48 - 2016-03-17 23:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 09:48 - 2016-03-17 23:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 09:48 - 2016-03-17 23:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 09:48 - 2016-03-17 23:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 09:48 - 2016-03-17 23:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 09:48 - 2016-03-17 23:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 09:48 - 2016-03-17 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 09:48 - 2016-03-17 23:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 09:48 - 2016-03-17 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 09:48 - 2016-03-17 23:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 09:48 - 2016-03-17 23:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 09:48 - 2016-03-17 23:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 09:48 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 09:48 - 2016-03-17 23:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 09:48 - 2016-03-17 23:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 09:48 - 2016-03-17 23:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 09:48 - 2016-03-17 23:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 09:48 - 2016-03-17 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 09:48 - 2016-03-17 23:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 09:48 - 2016-03-17 23:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 22:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 09:48 - 2016-03-17 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 09:48 - 2016-03-17 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 09:48 - 2016-03-17 22:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 09:48 - 2016-03-17 22:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 09:48 - 2016-03-17 22:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 09:48 - 2016-03-17 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 09:48 - 2016-03-17 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 09:48 - 2016-03-17 22:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 09:48 - 2016-03-17 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 09:48 - 2016-03-17 22:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 09:48 - 2016-03-17 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 09:48 - 2016-03-17 22:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 09:48 - 2016-03-17 22:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 09:48 - 2016-03-17 22:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 09:48 - 2016-03-17 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 09:48 - 2016-03-17 22:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 09:48 - 2016-03-17 22:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 22:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 22:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 09:48 - 2016-03-17 22:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 09:48 - 2016-03-16 01:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 09:48 - 2016-03-16 01:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 09:48 - 2016-03-16 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 09:48 - 2016-03-11 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 09:48 - 2016-03-11 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 09:48 - 2016-03-06 19:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 09:48 - 2016-03-06 19:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 09:48 - 2016-03-06 19:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 09:48 - 2016-03-06 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-06 15:13 - 2016-04-06 15:16 - 00000000 ____D C:\Users\Daivoon\Desktop\jochen
2016-04-05 15:05 - 2016-04-05 15:05 - 00024602 _____ C:\Users\Daivoon\Desktop\It is my personal belief that anyone can become or accomplish anything IF they truly believe in themselves.odt
2016-04-04 22:31 - 2016-04-04 22:31 - 00001452 _____ C:\Users\Daivoon\Desktop\malware scan 0404.txt
2016-04-04 22:29 - 2016-04-04 22:29 - 00001452 _____ C:\Users\Daivoon\Desktop\malwarescan 04.04.txt
2016-04-04 21:05 - 2016-04-14 08:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-04 21:04 - 2016-04-04 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-04 21:04 - 2016-04-04 21:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-04 21:04 - 2016-04-04 21:04 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-04-04 21:04 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-04 21:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-04 21:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-04 21:01 - 2016-04-04 21:01 - 22851472 _____ (Malwarebytes ) C:\Users\Daivoon\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-04 16:47 - 2016-04-04 16:47 - 00074175 _____ C:\Users\Daivoon\Downloads\e-ticket_7242138131059.pdf
2016-03-31 09:24 - 2016-03-31 09:24 - 01936909 _____ C:\Users\Invitado\Downloads\summaries_31_03_2016_08_25.pdf
2016-03-31 09:24 - 2016-03-31 09:24 - 01936902 _____ C:\Users\Invitado\Downloads\summaries_31_03_2016_08_25 (1).pdf
2016-03-31 08:57 - 2016-03-31 08:57 - 01846737 _____ C:\Users\Invitado\Downloads\summaries_31_03_2016_07_58.pdf
2016-03-31 08:56 - 2016-03-31 08:56 - 01846753 _____ C:\Users\Invitado\Downloads\summaries_31_03_2016_07_57.pdf
2016-03-31 08:56 - 2016-03-31 08:56 - 01846735 _____ C:\Users\Invitado\Downloads\summaries_31_03_2016_07_57 (1).pdf
2016-03-29 15:22 - 2016-03-29 15:22 - 00000000 ____D C:\Users\Daivoon\Desktop\kurs julia und  jan
2016-03-28 19:18 - 2016-03-28 19:19 - 00000000 ____D C:\Users\Daivoon\Desktop\kurs maxi
2016-03-26 10:09 - 2016-03-26 10:09 - 01665128 _____ C:\Users\Invitado\Downloads\summaries_26_03_2016_09_10.pdf
2016-03-26 10:08 - 2016-03-26 10:09 - 01665153 _____ C:\Users\Invitado\Downloads\summaries_26_03_2016_09_09.pdf
2016-03-26 10:07 - 2016-03-26 10:07 - 01665112 _____ C:\Users\Invitado\Downloads\summaries_26_03_2016_09_07 (1).pdf
2016-03-26 10:06 - 2016-03-26 10:06 - 01665117 _____ C:\Users\Invitado\Downloads\summaries_26_03_2016_09_07.pdf
2016-03-24 09:41 - 2016-03-24 09:41 - 00000104 _____ C:\Users\Invitado\Desktop\Nuevo documento de texto.txt
2016-03-22 15:13 - 2016-03-22 15:13 - 00069243 _____ C:\Users\Invitado\Downloads\trainingrecord-cmas-1-stern (4).pdf
2016-03-19 09:58 - 2016-03-19 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-17 21:40 - 2016-03-17 21:40 - 00004891 _____ C:\Users\Daivoon\Desktop\Ron liste2.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 09:09 - 2014-11-24 18:58 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 08:42 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-14 08:42 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-14 08:36 - 2014-11-25 14:59 - 00000000 ___RD C:\Users\Daivoon\Dropbox
2016-04-14 08:36 - 2014-11-25 14:55 - 00000000 ____D C:\Users\Daivoon\AppData\Roaming\Dropbox
2016-04-14 08:36 - 2014-11-24 16:45 - 00000000 ____D C:\ProgramData\clear.fi
2016-04-14 08:35 - 2015-11-17 10:16 - 00001212 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-14 08:35 - 2014-11-26 11:13 - 00000000 ___RD C:\Users\Daivoon\OneDrive
2016-04-14 08:35 - 2014-11-24 18:58 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 08:33 - 2014-11-24 14:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-14 08:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-13 18:46 - 2014-11-27 18:28 - 00000000 ____D C:\Users\Daivoon\AppData\Roaming\UseNeXT
2016-04-13 18:46 - 2014-11-25 17:25 - 00000000 ____D C:\Users\Daivoon\AppData\Roaming\vlc
2016-04-13 18:43 - 2014-11-27 18:28 - 00000000 ____D C:\Users\Daivoon\Documents\UseNeXT
2016-04-13 18:23 - 2014-12-11 11:46 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-13 18:21 - 2015-11-17 10:16 - 00001216 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-13 14:11 - 2014-11-24 23:39 - 00747396 _____ C:\Windows\system32\perfh00A.dat
2016-04-13 14:11 - 2014-11-24 23:39 - 00158868 _____ C:\Windows\system32\perfc00A.dat
2016-04-13 14:11 - 2009-07-14 06:13 - 01676890 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-13 14:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-04-13 13:35 - 2009-07-14 05:45 - 00512320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 13:21 - 2014-11-25 13:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 12:22 - 2015-12-02 11:11 - 00003060 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1449051072
2016-04-13 12:20 - 2014-11-24 19:09 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-04-13 12:20 - 2014-11-24 19:09 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-13 12:19 - 2014-11-24 19:14 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-13 12:19 - 2014-11-24 19:09 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-12 09:11 - 2014-11-24 18:59 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 09:01 - 2014-11-26 11:01 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-12 09:00 - 2014-11-24 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-08 10:23 - 2014-12-11 11:46 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 10:23 - 2014-12-11 11:46 - 00003776 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-08 10:23 - 2011-07-11 05:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 13:14 - 2016-02-11 15:33 - 00000000 ____D C:\Users\Invitado\Desktop\DSD
2016-04-06 23:51 - 2014-11-25 15:41 - 00000000 ____D C:\Users\Daivoon\AppData\Roaming\Skype
2016-04-04 15:54 - 2015-08-25 14:26 - 00000000 ____D C:\Users\Daivoon\Desktop\DSD  + pic`s
2016-04-02 19:55 - 2016-01-10 18:27 - 00000000 ____D C:\Users\Invitado\AppData\Roaming\Skype
2016-04-01 13:14 - 2015-02-03 19:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-29 07:52 - 2009-07-14 06:08 - 00032520 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-28 20:18 - 2011-07-11 04:41 - 00000000 ____D C:\ProgramData\Skype
2016-03-28 20:17 - 2014-11-25 16:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-26 19:56 - 2015-02-17 16:15 - 00000000 ___RD C:\Users\Goetz\Dropbox
2016-03-26 18:05 - 2014-11-25 16:54 - 00000000 ____D C:\Users\Daivoon\Desktop\Filme
2016-03-26 17:59 - 2014-11-24 16:32 - 00000000 ____D C:\Users\Daivoon
2016-03-23 14:49 - 2016-03-04 18:51 - 00000000 ____D C:\Users\Daivoon\Desktop\papel por la museum
2016-03-22 19:08 - 2014-12-10 17:29 - 00000000 ____D C:\Users\Daivoon\Documents\Scan
2016-03-21 11:36 - 2016-02-18 16:39 - 00000000 ____D C:\Users\Daivoon\AppData\Local\ElevatedDiagnostics
2016-03-19 09:58 - 2015-11-17 10:16 - 00000000 ____D C:\Program Files (x86)\Dropbox

==================== Files in the root of some directories =======

2015-04-08 09:28 - 2015-04-08 09:28 - 0121790 _____ () C:\Users\Daivoon\AppData\Local\0DD89E43_stp.CIS
2015-04-08 09:28 - 2015-04-08 09:28 - 0000310 _____ () C:\Users\Daivoon\AppData\Local\0DD89E43_stp.CIS.part
2015-04-08 09:27 - 2015-04-08 09:27 - 0192475 _____ () C:\Users\Daivoon\AppData\Local\38C2540F_stp.CIS
2015-04-08 09:27 - 2015-04-08 09:27 - 0000290 _____ () C:\Users\Daivoon\AppData\Local\38C2540F_stp.CIS.part
2015-04-08 09:27 - 2015-04-08 09:27 - 0385602 _____ () C:\Users\Daivoon\AppData\Local\5D515C96_stp.CIS
2015-04-08 09:27 - 2015-04-08 09:27 - 0000220 _____ () C:\Users\Daivoon\AppData\Local\5D515C96_stp.CIS.part
2014-11-24 16:05 - 2014-11-24 16:06 - 0002640 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some files in TEMP:
====================
C:\Users\Daivoon\AppData\Local\Temp\cct.dll
C:\Users\Daivoon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpke4lg9.dll
C:\Users\Daivoon\AppData\Local\Temp\JavaIC.dll
C:\Users\Daivoon\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Daivoon\AppData\Local\Temp\libeay32.dll
C:\Users\Daivoon\AppData\Local\Temp\msscct32.dll
C:\Users\Daivoon\AppData\Local\Temp\msvcr120.dll
C:\Users\Daivoon\AppData\Local\Temp\sqlite3.dll
C:\Users\Daivoon\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Daivoon\AppData\Local\Temp\YSearchUtil.dll
C:\Users\Goetz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7wez50.dll
C:\Users\Invitado\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpormftm.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-09 09:11

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Daivoon (2016-04-14 09:09:38)
Running from C:\Users\Daivoon\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-11-24 15:32:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2640099909-525072943-4173629134-500 - Administrator - Disabled)
Daivoon (S-1-5-21-2640099909-525072943-4173629134-1001 - Administrator - Enabled) => C:\Users\Daivoon
Goetz (S-1-5-21-2640099909-525072943-4173629134-1003 - Limited - Enabled) => C:\Users\Goetz
HomeGroupUser$ (S-1-5-21-2640099909-525072943-4173629134-1002 - Limited - Enabled)
Invitado (S-1-5-21-2640099909-525072943-4173629134-501 - Limited - Enabled) => C:\Users\Invitado

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2261 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\BitTorrent) (Version: 7.9.2.37755 - BitTorrent Inc.)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
calibre (HKLM-x32\...\{84A259BB-88C4-435F-B755-8C6EE64B7E93}) (Version: 2.40.0 - Kovid Goyal)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
clear.fi  (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
clear.fi  (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2212.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - DE (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diagnóstico de impresoras Samsung (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.15 - Samsung Electronics Co., Ltd.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Evernote Sticky Notes (HKLM-x32\...\{4FC3ACD7-105C-42E2-9A48-4FFF58C76D19}) (Version: 1.5.9 - Evernote Sticky Notes)
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.6769.2015 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Español (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2640099909-525072943-4173629134-1001\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozilla Thunderbird 38.7.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 de)) (Version: 38.7.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NVIDIA Controlador de audio HD 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 280.19 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.8019 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 280.19 (Version: 280.19 - NVIDIA Corporation) Hidden
Paquete de controladores de Logitech Webcam Software (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar FlowSync Version 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.44 (23.10.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.58.01(20.10.2014) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.17 (17.09.2014) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.11.11 (22.10.2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vokabeltrainer En Vivo A1 (HKLM-x32\...\{589D1E78-A6BA-485D-85D9-83F9E3DC1379}) (Version: 5.0.15 - Langenscheidt)
Vokabeltrainer-Update 5.0.33 (HKLM-x32\...\{9E493105-122C-4F96-9773-B5161001198E}) (Version: 5.0.33 - Langenscheidt)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2640099909-525072943-4173629134-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2640099909-525072943-4173629134-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Daivoon\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01CF3810-2F92-439F-AD50-695C7B6DA836} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {19BD3774-F27A-4058-BFBB-438FA6B1C525} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2CBBF051-AE32-4F9D-B447-7808058C62F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2D1B25D0-2A7C-4CEF-A5EE-DD40512E1F8A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-17] (Dropbox, Inc.)
Task: {490FCC47-F4D8-44EE-93F1-FE7D89E904FF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-13] (AVAST Software)
Task: {4CF9A038-BA59-459B-A1FA-80F022479433} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-17] (Dropbox, Inc.)
Task: {51290902-251B-46C4-8557-19C9EABBCB45} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {51615939-8D07-44E2-9520-DC410BB63AE7} - System32\Tasks\SafeZone scheduled Autoupdate 1449051072 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {71D499A4-E14F-450F-9033-321BCA1069D8} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {72B64BBB-B604-41B4-96D2-7B04F9DEDB5B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {905EBE36-4140-44B6-9AE8-EF331E4CD947} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {95F1F8D4-09E2-4566-9044-25426C6EE4D4} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {A6FED1FE-7E9F-41A2-910A-F3C983AA0D8C} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: {A79B72F6-C233-4BD1-B92A-F373F26438E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {B267C0BE-DCD1-4338-8B74-104C97EEDA9E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-25] (Microsoft Corporation)
Task: {B6577E98-356A-49DA-9562-25A16C0988FB} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-09-05] (Acer)
Task: {DBE19309-8473-48D3-A0A1-9BB09221FEB8} - System32\Tasks\{2F040BB0-4A7C-4C24-AAFB-1802FE0D134B} => pcalua.exe -a C:\Users\Daivoon\AppData\Local\Evernote\Evernote\AutoUpdate\Evernote_5.8.5.7193.exe -d "C:\Program Files (x86)\Evernote\Evernote" -c /qb
Task: {DFECE80C-4D5D-49F8-83B3-B1D523FCFFFF} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {E267724A-6DF6-41C9-B669-9DEDA7235FF0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-11-25 17:12 - 2013-05-29 13:01 - 00034304 _____ () C:\Windows\System32\ssm4mlm.dll
2015-12-04 09:42 - 2016-03-24 17:28 - 00172232 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2014-09-08 14:39 - 2014-09-08 14:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 14:38 - 2014-09-08 14:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-11-26 14:55 - 2009-07-20 13:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2014-11-26 14:55 - 2009-07-20 05:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-12-10 17:26 - 2013-10-04 05:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2014-07-25 05:36 - 2014-08-18 17:08 - 00087552 ____N () C:\Windows\system32\SSDEVM64.DLL
2014-11-25 17:14 - 2013-02-22 14:29 - 00365568 _____ () C:\Windows\system32\SaMinDrv.dll
2016-04-13 12:19 - 2016-04-13 12:19 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-13 12:19 - 2016-04-13 12:19 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-13 17:50 - 2016-04-13 17:50 - 02887168 _____ () C:\Program Files\AVAST Software\Avast\defs\16041301\algo.dll
2016-04-13 12:19 - 2016-04-13 12:19 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-11-24 16:06 - 2011-10-12 11:22 - 00370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-12-02 11:04 - 2015-12-02 11:04 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-14 11:05 - 2016-02-23 19:19 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-03-19 09:58 - 2016-02-23 19:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-03-19 09:58 - 2016-02-23 19:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-14 11:05 - 2016-02-23 19:19 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-14 11:05 - 2016-02-23 19:19 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-14 11:05 - 2016-03-12 01:18 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-03-19 09:58 - 2016-02-23 19:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-14 11:05 - 2016-03-12 01:18 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-14 11:05 - 2016-02-23 19:19 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 11:05 - 2016-02-23 19:20 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-14 11:05 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-14 11:05 - 2016-03-12 01:18 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-03-19 09:58 - 2016-02-23 19:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-03-19 09:58 - 2016-02-23 19:21 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2015-12-14 11:05 - 2016-03-12 01:18 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-14 11:05 - 2016-02-23 19:19 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-03-19 09:58 - 2016-02-23 19:19 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-03-19 09:58 - 2016-02-23 19:20 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-14 11:05 - 2016-02-23 19:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 10:05 - 2016-03-12 01:18 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-03-19 09:58 - 2016-03-12 01:18 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-14 11:05 - 2016-02-23 19:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-03-19 09:58 - 2016-02-23 19:23 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-03-19 09:58 - 2016-02-23 19:23 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2015-12-14 11:05 - 2016-03-12 01:18 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-03-19 09:58 - 2016-03-12 01:18 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-11-17 10:17 - 2016-02-23 19:25 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-02-11 14:01 - 2016-02-11 14:01 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5eb8f854950c428c64f668e63c5a0498\IsdiInterop.ni.dll
2014-11-24 15:54 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2640099909-525072943-4173629134-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Daivoon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BitTorrent => "C:\Users\Daivoon\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: EDO-Soft Sticky Notes => C:\Program Files (x86)\Evernote Sticky Notes\StickyNotes.Wpf.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{94CAA6C1-26FB-49C6-9FA9-EC7A3DD271E5}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4839D2F9-7DFE-4468-9715-FB736666D338}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7215FA78-059E-4045-B452-9083302F9016}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9FEF16CE-2748-4F82-8C08-B8B54090E4BA}] => (Allow) LPort=2869
FirewallRules: [{E7F75A57-F11B-4596-BC7E-5666B08F9787}] => (Allow) LPort=1900
FirewallRules: [{4C076C0E-66F6-4CA9-B621-87F36AD128ED}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{7D182FAF-506F-4D1E-8CEC-D7FB73A424E1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{D7ECF7D6-6EB3-4370-85E9-FE4940B48E4A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{F0605FCD-4B6F-44DE-BBC0-C14CB8F4EB58}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{431CA109-CF91-4F69-B0C3-4CC19002F683}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{9BA21ADB-B9E5-48F9-8930-837A1B547B96}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{5419E5D8-B7CD-42BF-B0FE-2FEA57F18565}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{9D4EE24C-4FDC-45BE-BA4E-BE15A2BBB6B1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{2AFB6D6E-F01E-462F-8EFE-7AF07F5824FA}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{0C47FC59-6569-45A9-881C-B0DCD5982638}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
FirewallRules: [{75855F23-5C4D-46BF-A286-BA1C83F50DDE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
FirewallRules: [{6CAA81A0-D76A-4A96-97DB-A609BCA0E6B1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D1A0A6EC-2480-4E1B-B9FD-AA64B325797E}] => (Allow) C:\Users\Daivoon\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3A050F93-E6AB-4CDC-B616-DF8CCDF86A1D}] => (Allow) C:\Users\Daivoon\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1BE447D0-5B66-4744-9300-2580CAECBF57}] => (Allow) C:\Users\Daivoon\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{3963BB5E-469A-406E-9AEB-18A47CADE4CF}C:\users\daivoon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\daivoon\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1F1F7579-1A91-4D5B-94F3-743CC89272E8}C:\users\daivoon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\daivoon\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{808307A2-6E5B-4641-9A25-EABB0F17987E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{75B6D0E9-443C-479D-86AB-4D042723CA13}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{D2A6B2F1-5DB6-424F-8F8C-284B4916C585}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{D0359D88-18FF-4314-956B-E0D389D6130A}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{CCE7BC27-67F2-44A4-854D-146487968446}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{F49F4FBE-9092-4512-B216-A54FD0845F16}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{CC170A32-F421-4455-8E30-CD2E9E41AFFA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{5A5F6D73-5A86-4170-A340-C7BE92E66198}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{74063956-E4C0-44B6-8E32-4BCF748AC401}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{5369A744-8AF6-450B-9EA7-2136550291E8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{E6C4B27D-F208-468A-8717-BF5DC7271709}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{D619081B-7185-44C7-BF41-76AE2CAE19D3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{54A43501-0D32-4ED3-9333-656A9DACF48B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{0489894E-FA76-42D4-90DF-84CA630C94A3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{D43503E6-E8EB-4ED8-AFEF-54036D35792C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{16923783-985F-4931-AA0D-04F1917FB453}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{024DC48D-3838-4618-A29C-8688753648F5}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{D778CBF2-1D92-43EB-974A-A2E94AA3C2AD}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{0CE17FE7-8F33-4A8B-9ED8-EC7ED314599A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{B00D5E86-6B89-4214-8E19-8A43A436669B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [TCP Query User{9925DD56-629F-4395-95A2-0F35E0E90987}C:\program files\windows sidebar\sidebar.exe] => (Allow) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [UDP Query User{271A4A49-8B61-4961-9AC4-527255715568}C:\program files\windows sidebar\sidebar.exe] => (Allow) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [{2A15745D-3A80-46CA-8752-C095979C392C}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{4065084C-F2C0-4F5D-BA1A-6BCE4B13993D}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{41DFA06E-73BE-4156-98AE-739402D0EB9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9218E206-8EB0-44BF-9704-468E47414F26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1AC2037A-0C94-4C92-943A-8A832CCA4B64}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{CA79D88B-C988-43EE-9AE7-0769D0C35065}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{87C86FB5-7E7C-4C38-B822-53F832C40E10}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4F1116AD-71EE-46CA-A401-4A248F3DFC69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85260931-512B-45CA-BA8E-DB9DF41465C0}] => (Allow) LPort=5354
FirewallRules: [{F9DB0376-738D-40EE-8D06-07773D0B12D8}] => (Allow) LPort=5354
FirewallRules: [{46506254-B528-400B-897A-B93BE17F72C3}] => (Allow) LPort=5354
FirewallRules: [{84818767-B0FA-4461-96B4-8D86D767FC19}] => (Allow) LPort=5354
FirewallRules: [{4916BA72-5334-42BB-B8CB-3F037B419A8E}] => (Allow) LPort=5354
FirewallRules: [{B826EB7D-7D7F-4B10-901C-B31A709078BB}] => (Allow) LPort=5354
FirewallRules: [{C691C7BE-352B-4B8C-8E05-6ACD2E801311}] => (Allow) LPort=5354
FirewallRules: [{8E1BD2B7-2F08-464D-90DD-44B71D903571}] => (Allow) LPort=5354
FirewallRules: [{BD45A994-4CDC-4729-90CA-05E793574771}] => (Allow) LPort=5354
FirewallRules: [{0D62E00D-7994-435D-8203-4059C54A56BF}] => (Allow) LPort=5354
FirewallRules: [{369481A1-AC88-4043-9CDD-28E5BCE5C675}] => (Allow) LPort=5354
FirewallRules: [{03C43B5B-CEE6-439A-8848-16C45B1FF1EF}] => (Allow) LPort=5354
FirewallRules: [{97CE0165-75BC-490E-982B-0E28948765E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{4C05BD40-A282-45FA-A18B-ECDC044E09AD}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{064857F9-AB0B-4EFE-AD1C-B367E559E4DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-04-2016 14:12:43 Windows Update
13-04-2016 13:29:14 Windows Update
13-04-2016 13:55:48 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2016 08:44:05 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/14/2016 08:34:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 01:59:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: LVPrcSrv.exe, versión: 12.10.1110.0, marca de tiempo: 0x4acc50c4
Nombre del módulo con errores: LVPrcSrv.exe, versión: 12.10.1110.0, marca de tiempo: 0x4acc50c4
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000007af2
Id. del proceso con errores: 0x878
Hora de inicio de la aplicación con errores: 0xLVPrcSrv.exe0
Ruta de acceso de la aplicación con errores: LVPrcSrv.exe1
Ruta de acceso del módulo con errores: LVPrcSrv.exe2
Id. del informe: LVPrcSrv.exe3

Error: (04/13/2016 01:50:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 01:36:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 01:28:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa AvastUI.exe, versión 11.2.2732.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 1024

Hora de inicio: 01d1957f209d8152

Hora de finalización: 60000

Ruta de acceso de la aplicación: C:\Program Files\AVAST Software\Avast\AvastUI.exe

Identificador de informe: 082e1d64-0173-11e6-894d-3860773d1449

Error: (04/13/2016 01:22:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 01:16:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa AvastUI.exe, versión 11.2.2732.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 1154

Hora de inicio: 01d19576c2582cb0

Hora de finalización: 60000

Ruta de acceso de la aplicación: C:\Program Files\AVAST Software\Avast\AvastUI.exe

Identificador de informe: 62efd4d3-0171-11e6-867b-3860773d1449

Error: (04/13/2016 12:23:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 09:03:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/13/2016 01:59:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Process Monitor se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/13/2016 01:56:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio NVIDIA Display Driver Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/13/2016 01:48:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Microsoft .NET Framework NGEN v4.0.30319_X64 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (04/13/2016 01:48:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Process Monitor se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/13/2016 01:48:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) Management and Security Application User Notification Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/13/2016 01:48:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Nero Update se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/13/2016 01:48:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) Rapid Storage Technology se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/13/2016 01:48:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (04/13/2016 01:48:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (04/13/2016 01:48:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Microsoft .NET Framework NGEN v4.0.30319_X86 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 33%
Total physical RAM: 6124.3 MB
Available physical RAM: 4098.18 MB
Total Virtual: 12246.78 MB
Available Virtual: 9866 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:222.95 GB) (Free:23.46 GB) NTFS
Drive d: (DATA) (Fixed) (Total:223.71 GB) (Free:85.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E2F0C4EC)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=223.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

--- --- ---

cosinus · 14.04.2016, 09:42

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Amphitrite · 14.04.2016, 10:02

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Daivoon (2016-04-14 09:49:20) Run:1
Running from C:\Users\Daivoon\Downloads
Loaded Profiles: Daivoon (Available Profiles: Daivoon & Goetz & Invitado)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => key removed successfully
EmptyTemp: => 4.3 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:50:49 ====

cosinus · 14.04.2016, 11:34

Okay, dann Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:

1. Schritt: MBAM

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

2. Schritt: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

3. Schritt: SecurityCheck

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Amphitrite · 15.04.2016, 09:51

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 14.04.2016
Suchlaufzeit: 11:41
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.04.14.02
Rootkit-Datenbank: v2016.04.09.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Daivoon

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 442909
Abgelaufene Zeit: 24 Min., 9 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aee03d65619aff42b55d24001a4db17c
# end=init
# utc_time=2016-04-14 11:29:30
# local_time=2016-04-14 12:29:30 (+0000, Hora de verano GMT)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Finalize
Updated modules version: 29065
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 29065
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aee03d65619aff42b55d24001a4db17c
# end=updated
# utc_time=2016-04-14 11:52:04
# local_time=2016-04-14 12:52:04 (+0000, Hora de verano GMT)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=aee03d65619aff42b55d24001a4db17c
# engine=29065
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-04-14 12:07:47
# local_time=2016-04-14 01:07:47 (+0000, Hora de verano GMT)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=787 16777213 83 97 11659 43786730 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 89213 213100717 0 0
# scanned=31528
# found=1
# cleaned=0
# scan_time=942
sh=5735D1E7463CA17E453D97EE4BC915D3DCFABD0D ft=1 fh=d1fe637ec29c9811 vn="Variante von MSIL/TrojanDownloader.Small.XC Trojaner" ac=I fn="C:\Corel Draw X7 (64bit Windows) with Crack.exe"
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aee03d65619aff42b55d24001a4db17c
# end=init
# utc_time=2016-04-14 12:10:25
# local_time=2016-04-14 01:10:25 (+0000, Hora de verano GMT)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 29065
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aee03d65619aff42b55d24001a4db17c
# end=updated
# utc_time=2016-04-14 12:11:04
# local_time=2016-04-14 01:11:04 (+0000, Hora de verano GMT)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=aee03d65619aff42b55d24001a4db17c
# engine=29065
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-04-14 02:04:40
# local_time=2016-04-14 03:04:40 (+0000, Hora de verano GMT)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=787 16777213 83 97 18672 43793743 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 96226 213107730 0 0
# scanned=267241
# found=1
# cleaned=0
# scan_time=6816
sh=5735D1E7463CA17E453D97EE4BC915D3DCFABD0D ft=1 fh=d1fe637ec29c9811 vn="Variante von MSIL/TrojanDownloader.Small.XC Trojaner" ac=I fn="C:\Corel Draw X7 (64bit Windows) with Crack.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 77  
 Java version 32-bit out of Date! 
 Adobe Flash Player 21.0.0.213  
 Adobe Reader XI  
 Mozilla Firefox (40.0.3) 
 Mozilla Thunderbird (38.7.2) 
 Google Chrome (49.0.2623.110) 
 Google Chrome (49.0.2623.112) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````

cosinus · 15.04.2016, 10:06

Zitat:

C:\Corel Draw X7 (64bit Windows) with Crack.exe

Zitat:

Java 8 Update 77
Adobe Flash Player 21.0.0.213
Adobe Reader XI

Adobe Reader deinstallieren. Verwende PDF-X-Change Viewer als bessere Alternative, oftmals reicht aber auch der interne PDF-Betrachter, der im Firefox integriert ist, völlig aus!

Ich würde auch unbedingt Java und wenn es geht den Flash Player weghauen!

Java spielt kaum noch eine Rolle. Fast nirgendwo werden mehr Java-Applets eingesetzt. Und was Adobe mit seinem Flash Player veranstaltet, ist irgendwo zwischen Frechheit und Inkompetenz einzustufen. In dem Teil werden ständig neue dicke Sicherheitslücken gefunden => Der Liebling aller Cyber-Kriminellen: Flash | heise Security

Amphitrite · 15.04.2016, 10:20

Heißt das der Virus ist weg? Dann vielen Dank!!!

Frage: Wie kann ich unter Windows verhindern das andere Programme installieren? Bzw. Mail-Anhänge öffnen? Also geht z.B. ein Passwort zu schalten trotz Administratorenrechten? Denn ich kann kaum verhindern das andere im Hauptprofil rumpfuschen und automatisch Adminrechte haben. Bin total genervt! Diesmal wollten sie u.a. eine zip-Datei aus einem Mail laden (das hat aber glaube ich Antivir grad noch verhindert und die Seite geblockt)....so hab ich den Trojaner überhaupt gefunden....

JAVA und Flash Player werden nicht mehr benötigt? Das wusste ich nicht. Deinstalliere ich sofort!!!!

Vielen Dank nochmal!

14.04.2016, 07:57	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojan.Agent.Trace Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken __________________ Logfiles bitte immer in CODE-Tags posten

Trojan.Agent.Trace

Plagegeister aller Art und deren Bekämpfung: Trojan.Agent.Trace